Security First

Your privacy and security are at the core of everything we do. That’s why we chose a padlock as our logo. We’ve built Auth-Email from the ground up with a zero-knowledge architecture to keep your email safe.

Secure by Design

Zero-Knowledge Storage

Your account credentials are protected at all times:

  • Client-side encryption – OAuth tokens are encrypted using your password before being used
  • No key storage – We do not save your encryption password. Only you have the decryption key
  • Automatic protection – Authorization tokens are handled transparently by us when you use IMAP / POP / SMTP

It is impossible for us to access your account data.

Continuous Compliance

Keep your existing controls, and remain compliant:

  • No servers to run or maintain – Email stays on your provider’s servers. We modernize authentication, but your current systems keep working
  • Works with your current mail flow – No risky tenant migrations or mailbox moves needed
  • Secure and compliant – Your existing journaling, retention, and audit processes continue to function

Your compliance posture is not affected.

Encryption Everywhere

All connections are encrypted using industry-standard TLS:

  • Web dashboard – We only allow secure HTTPS connections
  • OAuth configuration – All communication with your email provider is encrypted
  • IMAP / POP / SMTP – Implicit TLS or STARTTLS encryption is required. Unencrypted connections are always rejected

Your data is never transmitted without encryption.

Minimal Logging

We collect only what’s absolutely necessary to provide our service:

  • No email content – Never logged or stored. No data mining, ever
  • No message metadata – No subjects, senders, recipients, or any other details
  • Status only – Just login success or failure for account management, and to help with abuse prevention

Your email activity remains completely private.

Data Protection

Server Location

We chose Germany as the location for our infrastructure because it has some of the strongest privacy and data protection laws in the world. Our servers are subject to strict European regulations designed to protect your personal data.


GDPR Compliant

We are fully compliant with the European General Data Protection Regulation (GDPR), giving you control over your personal data. For more details, see our Privacy Policy.

Additional Security Measures

Passwordless Login

Link-based authentication eliminates password-related risks. Secure, time-limited tokens expire after 10 minutes.

Infrastructure Security

Regular software updates and patches, multi-layer firewall protection, and strict access controls.

Data Minimization

We only collect and store the minimum data necessary to provide our services. Less data means less risk.

Responsible Disclosure

We welcome security researchers to help us keep Auth-Email secure. If you believe you have discovered an issue, please contact us immediately:

We respond promptly, work collaboratively to resolve issues, and do not pursue legal action against researchers acting in good faith.

Your Security Checklist

Security is a shared responsibility. Here’s what you can do:

  • Enable two-factor authentication – Add an extra layer of protection to your Auth-Email account
  • Use strong passwords – Choose unique, unguessable passwords when linking your accounts
  • Review connected accounts – Periodically check which email accounts are linked to Auth-Email, and remove any that are no longer needed

Questions about our security practices?

We’re happy to answer any questions you have about how we protect your data.
